Skip to main content
Data Storage Modules 0.40.1Last updated in version 0.38.1

Backup Plan Module

View Source Release Notes

This Terraform Module creates the following AWS Backup resources:

  1. Backup plans - specifying how and when to back things up
  2. Resource selections - specifying which resources to back up

You associate your plans with a Backup vault.

What is a Backup Plan?

A backup plan is a policy expression that defines when and how you want to back up your AWS resources. You can assign resources to backup plans, and AWS Backup will automatically back up those resources according to the backup plan. You can define multiple plans with different resources if you have workloads with different backup requirements.

For example, you can create a plan that backs up all resources (e.g., EC2 instances, RDS instances, etc) with a specific tag once every hour. Meanwhile, you might want to create a second plan that backs up only your DynamoDB tables, selected by explicitly passing their ARNs that is only backed up once per day. Creating multiple plans and vaults allows you to define your own backup workflow in whichever way makes the most sense for your use case.

Learn more at the official AWS documentation for Backup plans.

What is a Backup selection?

A Backup selection specifies which AWS resources you want AWS Backup to target when your backup plan is run. You can either specify your target resources via tag, or by explicitly passing their ARNs.

How do you select resources to backup via tag?

To select all EC2 instances, and DynamoDB tables, and EBS volumes, etc, that have the tag Snapshot:true, use a selection_tag when configuring this module:

module "backup_plan" {

...

plans = {
"tag-based-backup-plan" = {
rule = {
target_vault_name = element(module.backup_vault.vault_names, 0),
schedule = "cron(47 0/1 * * ? *)"
}
selection = {
selection_tag = {
type = "STRINGEQUALS"
"key" = "Snapshot"
"value" = true
}
}
}
}
}

How do you select resources to backup via ARN?

To select specific AWS resources by ARN, use the resources attribute when configuring this module:

module "backup_plan" {

...

plans = {
"tag-based-backup-plan" = {
rule = {
target_vault_name = element(module.backup_vault.vault_names, 0),
schedule = "cron(47 0/1 * * ? *)"
}
resources = [
"arn:aws:ec2:us-east-1:111111111111:instance/i-0fe68bg5e936782fr",
"arn:aws:ec2:us-east-1:111111111111:instance/i-0be38tg7e937782a3"
]
}
}
}

How do you troubleshoot Backup jobs?

See Troubleshooting AWS Backup in the core-concepts guide.

Sample Usage

main.tf

# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S BACKUP-PLAN MODULE
# ------------------------------------------------------------------------------------------------------

module "backup_plan" {

source = "git::git@github.com:gruntwork-io/terraform-aws-data-storage.git//modules/backup-plan?ref=v0.40.1"

# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# ----------------------------------------------------------------------------------------------------

plans = <any>

# ----------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------

# The name to use for the backup service role that is created and attached to
# backup plans.
backup_service_role_name = "backup-service-role"

}


Reference

Required

plansanyrequired
Any types represent complex values of variable type. For details, please consult `variables.tf` in the source repo.

Optional

The name to use for the backup service role that is created and attached to backup plans.

"backup-service-role"